ua auto-attach hangs whilst starting ubuntu-advantage on FIPS machines
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ubuntu-advantage-tools (Ubuntu) | Fix Released | High | Unassigned |
Xenial | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Unassigned |
Focal | Fix Released | Undecided | Unassigned |
Jammy | Fix Released | Undecided | Unassigned |
Bug Description
[Impact]
This bug causes custom images based on Ubuntu Pro in public clouds that were built in a certain way to never finish booting (as determined by `cloud-init status --wait` never exiting). The bug occurs when `ua detach` is not run as part of the custom image creation process.
The bug occurs because of a systemd service starting deadlock. The oneshot `ua-auto-
The fix is to not start `ubuntu-
[Test Plan]
To Reproduce:
Use a packer.json like the following:
```
{
"builders": [
{
"type": "amazon-ebs",
"region": "us-east-2",
"ami_name": "My-Ubuntu-
"name": "ubuntu-
},
"owners": ["679593333241"],
},
}
],
"provisioners": [
{
"type": "shell",
"inline": [
]
}
]
}
```
Build the image with packer:
```
packer build packer.json
```
Use the AMI to launch a new instance.
SSH into the machine and run:
```
cloud-init status --wait
```
That command will never finish.
Also systemctl status will report the system as "starting" forever. And ua-auto-
To test that release 27.10.1 of ubuntu-
```
{
"builders": [
{
"type": "amazon-ebs",
"region": "us-east-2",
"ami_name": "My-Ubuntu-
"filters": {
"name": "ubuntu-
},
"owners": ["679593333241"],
},
}
],
"provisioners": [
{
"type": "shell",
"inline": [
"printf \"deb http://
list.d/
"sudo apt update",
"sudo apt install ubuntu-
]
}
]
}
```
In an instance launched from that packer.json, `cloud-init status --wait` will complete. And the other symptoms mentioned above will not be present.
[Where problems could occur]
The fix is to move the `systemctl start ubuntu-
If we made a mistake, it may happen that the service is not started in some scenario where it should be started.
[Original Description]
When ua auto-attach v27.9 is run on Ubuntu Pro hosts (with FIPS enabled), it issues a `systemctl start ubuntu-advantage` command which hangs forever and is never killed. My understanding is this service is only meant to run on GCP and has constraints in the systemd unit which should ensure this is true, so unsure what's causing the systemctl command to hang rather than exit immediately.
```
root@<hostname>:~# ps f -g 590
PID TTY STAT TIME COMMAND
590 ? Ss 0:00 /usr/bin/python3 /usr/bin/ua auto-attach
15387 ? S 0:00 \_ systemctl start ubuntu-
```
```
Description: Ubuntu 20.04.4 LTS
Release: 20.04
```
Also confirmed the same behaviour on Ubuntu 18.04 LTS.
```
ubuntu-
Installed: 27.9~20.04.1
Candidate: 27.9~20.04.1
Version table:
*** 27.9~20.04.1 500
500 http://
100 /var/lib/
Packages
20.3 500
500 http://
```
summary:
- ua auto-attach hangs whilst starting ubuntu-advantage on AWS Gov Cloud hosts (FIPS)
+ ua auto-attach hangs whilst starting ubuntu-advantage on FIPS machines
description: updated
Hi George Campbell,
Thank you for taking the time to report this bug! It looks like two bugs:
1. We shouldn't run `systemctl start ubuntu-advantage.service` ever during a `ua auto-attach`
2. `systemctl start ubuntu-advantage.service` should always exit immediately, especially when not on GCP like you mentioned.
We'll be sure to address these in the next version.
A question to help me reproduce this issue: from looking at the code, this is the scenario I'm imagining might cause this:
1. Launch an Ubuntu Pro image from the aws marketplace
2. Make changes to the instance and create a new custom image based on that instance.
3. Launch the new custom image
Is that roughly what you did to trigger this bug?
As a workaround in the meantime, I think masking ubuntu-advantage.service and rebooting will allow everything to continue:
```
sudo systemctl mask ubuntu-advantage.service
```
And if you need to run that early on first-boot, I think a cloud-init bootcmd would work: https://cloudinit.readthedocs.io/en/latest/topics/modules.html#bootcmd
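
A check for the symptom shown in the process tree of the original description, as an added example that is not part of the bug report or of ubuntu-advantage-tools: it flags a `systemctl start ubuntu-advantage...` process whose parent is `ua auto-attach` and which has been alive longer than a threshold. The function name `find_stuck_start`, the `SAMPLE_PS` data and the 300-second threshold are hypothetical, and the input format assumes procps-ng `ps -eo pid=,ppid=,etimes=,args=`.

```shell
#!/bin/sh
# Added example: detect the hung `systemctl start` child of `ua auto-attach`.
# Assumed input on stdin: output of `ps -eo pid=,ppid=,etimes=,args=`.

# find_stuck_start MIN_AGE_SECONDS
# Prints "<pid> <age_seconds>" per stuck child; prints nothing if healthy.
find_stuck_start() {
    awk -v min="$1" '
    {
        pid = $1
        # Rebuild the full command line from field 4 onward.
        cmd = ""
        for (i = 4; i <= NF; i++) cmd = (cmd == "" ? $i : cmd " " $i)
        parent[pid] = $2; etime[pid] = $3; args[pid] = cmd
    }
    END {
        for (p in args) {
            # Only the service start seen in the report is of interest.
            if (args[p] !~ /^systemctl start ubuntu-advantage/) continue
            pp = parent[p]
            if (!(pp in args)) continue
            # The parent must be the auto-attach oneshot process.
            if (args[pp] !~ /ua auto-attach$/) continue
            # A healthy start returns quickly; old processes are stuck.
            if (etime[p] + 0 >= min + 0) print p, etime[p]
        }
    }'
}

# Constructed sample modelled on the process tree in the report
# (elapsed times and the sshd lines are invented for illustration).
SAMPLE_PS='  590     1 7200 /usr/bin/python3 /usr/bin/ua auto-attach
15387   590 7195 systemctl start ubuntu-advantage.service
  812     1 7198 /usr/sbin/sshd -D
16001   812    4 systemctl start ssh.service'

# On a live host:
#   ps -eo pid=,ppid=,etimes=,args= | find_stuck_start 300
```

Any output from the live-host command on an instance launched from a custom image points at this bug; `systemctl list-jobs` on the same host shows which units are still waiting.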